GDPR Compliance

Your data rights under UK GDPR

Our Commitment to Data Protection

Jaded Drift is committed to protecting your personal data and respecting your privacy rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller

Jaded Drift is the data controller responsible for your personal data. Our contact details are:

Email: [email protected]
Address: 42 Colston Street, Bristol, BS1 5AP, United Kingdom

What Personal Data We Collect

We collect and process the following categories of personal data:

  • Identity data: Name, age group, date of birth (for minors)
  • Contact data: Email address, postal address
  • Programme data: Selected programmes, educational goals, attendance records
  • Financial data: Payment information, transaction history
  • Communication data: Enquiries, feedback, correspondence with us
  • Technical data: IP address, browser type, device information (when you visit our website)

Legal Basis for Processing

We only process your personal data when we have a legal basis to do so:

1. Contract Performance

We process your data to deliver the educational programmes you've registered for, manage bookings, and provide customer support.

2. Legitimate Interests

We may process your data where it's necessary for our legitimate business interests, such as:

  • Improving our services and website
  • Sending relevant educational information
  • Protecting our business and your data from fraud
  • Analyzing service usage to better serve our clients

3. Consent

For certain processing activities, we ask for your explicit consent, which you can withdraw at any time.

4. Legal Obligations

We process data when required by law, such as for tax purposes or to respond to legal requests.

Your Rights Under UK GDPR

Right to Access

You have the right to request a copy of the personal data we hold about you. We will provide this within one month of your request, free of charge.

Right to Rectification

If your personal data is inaccurate or incomplete, you can request that we correct or complete it.

Right to Erasure (Right to be Forgotten)

You can request that we delete your personal data in certain circumstances, such as:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent and there's no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

Right to Restrict Processing

You can request that we limit how we use your data in certain situations, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

Right to Object

You can object to processing of your personal data where we rely on legitimate interests. You can also object to direct marketing at any time.

Right to Withdraw Consent

Where we process your data based on consent, you can withdraw that consent at any time. This won't affect the lawfulness of processing before withdrawal.

Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

How to Exercise Your Rights

To exercise any of your data protection rights, please contact us at:

Email: [email protected]

We will respond to your request within one month. In complex cases, we may extend this by up to two months and will inform you if this is necessary.

Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication
  • Staff training on data protection
  • Secure backup and recovery procedures

Data Retention

We retain your personal data only for as long as necessary:

  • Programme participants: 6 years after programme completion (for educational records and legal requirements)
  • Enquiries: 2 years from last contact
  • Financial records: 7 years (for tax and accounting purposes)
  • Marketing communications: Until you unsubscribe or request deletion

Data Sharing

We do not sell your personal data. We only share data with:

  • Service providers who help us deliver our services (e.g., payment processors, email services)
  • Professional advisers (lawyers, accountants) when necessary
  • Regulatory authorities when required by law

All third parties are required to maintain appropriate security and only process your data according to our instructions.

International Transfers

We primarily process data within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions.

Children's Data

When providing services to children under 16, we obtain parental or guardian consent. We take additional measures to protect children's data and ensure age-appropriate processing.

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the ICO within 72 hours of becoming aware of the breach.

Updates to This Information

We may update this GDPR information from time to time. Material changes will be communicated to you via email or through a notice on our website.

Complaints

If you're not satisfied with how we handle your personal data, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Website: ico.org.uk
Telephone: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

However, we encourage you to contact us first so we can address your concerns directly.

Contact Our Data Protection Team

For any questions about how we handle your personal data or to exercise your rights:

Email: [email protected]
Subject line: "Data Protection Enquiry"